Hackers Repurpose RansomHub’s EDRKillShifter in Medusa, BianLian, and Play Attacks
Mar 27, 2025 | Ravie Lakshmanan | Endpoint Security / Ransomware
A new analysis has uncovered connections between affiliates of RansomHub and other ransomware groups like Medusa, BianLian, and Play.
The connection stems from the...
RedCurl Shifts from Espionage to Ransomware with First-Ever QWCrypt Deployment
Mar 26, 2025 | The Hacker News | Ransomware / Endpoint Security
The Russian-speaking hacking group called RedCurl has been linked to a ransomware campaign for the first time, marking a departure in the...
VSCode Marketplace Removes Two Extensions Deploying Early-Stage Ransomware
Mar 24, 2025 | Ravie Lakshmanan | Malware / Encryption
Cybersecurity researchers have uncovered two malicious extensions in the Visual Studio Code (VSCode) Marketplace that are designed to deploy ransomware that's under development to...
⚡ THN Weekly Recap: GitHub Supply Chain Attack, AI Malware, BYOVD Tactics, and More
Mar 24, 2025 | Ravie Lakshmanan | Weekly Recap / Hacking
A quiet tweak in a popular open-source tool opened the door to a supply chain breach—what started as a targeted attack quickly spiraled,...
VanHelsing RaaS Launch: 3 Victims, $5K Entry Fee, Multi-OS, and Double Extortion Tactics
Mar 24, 2025 | Ravie Lakshmanan | Malware / Ransomware
A ransomware-as-a-service (RaaS) operation called VanHelsing has already claimed three victims since it launched on March 7, 2025.
"The RaaS model allows a wide range...
Kaspersky Links Head Mare to Twelve, Targeting Russian Entities via Shared C2 Servers
Mar 21, 2025 | Ravie Lakshmanan | Malware / Cyber Attack
Two known threat activity clusters codenamed Head Mare and Twelve have likely joined forces to target Russian entities, new findings from Kaspersky reveal.
"Head...
Medusa Ransomware Uses Malicious Driver to Disable Anti-Malware with Stolen Certificates
Mar 21, 2025 | Ravie Lakshmanan | Ransomware / BYOVD
The threat actors behind the Medusa ransomware-as-a-service (RaaS) operation have been observed using a malicious driver dubbed ABYSSWORKER as part of a bring your...
ClearFake Infects 9,300 Sites, Uses Fake reCAPTCHA and Turnstile to Spread Info-Stealers
Mar 19, 2025 | Ravie Lakshmanan | Cloud Security / Web Security
The threat actors behind the ClearFake campaign are using fake reCAPTCHA or Cloudflare Turnstile verifications as lures to trick users into downloading...
Leaked Black Basta Chats Suggest Russian Officials Aided Leader’s Escape from Armenia
Mar 19, 2025 | Ravie Lakshmanan | Cybercrime / Threat Intelligence
The recently leaked trove of internal chat logs among members of the Black Basta ransomware operation has revealed possible connections between the e-crime...
SANS Institute Warns of Novel Cloud-Native Ransomware Attacks
Mar 17, 2025 | The Hacker News | Cloud Security / Threat Intelligence
The latest Palo Alto Networks Unit 42 Cloud Threat Report found that sensitive data is found in 66% of cloud storage...